Hello,

Some weeks ago, about a month ago, I decided to enable OpenGL in Firefox via 'about:config' and so on. (There are several guides available on the internet.) I did this just for testing purposes etc.
Anyway, everything went OK; under the "Graphics" section and "Compositing" there was "OpenGL", which means that it is enabled. Otherwise, it reports "Basic". (It can be checked via 'about:support'.)

After all the mentioned changes, made in the 'about:config' preferences, I noticed a couple of "DENIED" entries in the log files, which concerned "@{HOME}/.nv/GLCache/*.toc" (requested_mask="k" and denied_mask="k"). It seems that there is already a rule related to this folder [see: 1.]

When I turned on the computer again, I decided to check the profiles' status using the apparmor_status(8) utility. But there wasn't any Firefox entry! By the way, the '/var/log/boot.log' file contained this entry:

    AppArmor parser error for /etc/apparmor.d/usr.bin.firefox in /etc/apparmor.d/abstractions/nvidia at line 23: Found unexpected character: '#'

Firefox wasn't even listed in the section where the user can see if an application is in enforce mode etc. (I mean: "X processes are in enforce mode.") Earlier, there were at least two entries.

So I decided to do some investigation, despite the above entry from the '/var/log/boot.log' file. Generally, I tried to put Firefox in enforce mode once again, just to see what would happen. And that was it! The 'boot.log' file entry was confirmed.

    [~]$ sudo aa-enforce /etc/apparmor.d/usr.bin.firefox
    Setting /etc/apparmor.d/usr.bin.firefox to enforce mode.
    Warning from stdin (line 1): /sbin/apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
    AppArmor parser error, in /etc/apparmor.d/abstractions/nvidia line 23: Found unexpected character: '#'

It was pretty strange, because '#' was a simple comment. Nothing more, nothing less. After some tests with OpenGL, I decided to remove/comment the rules in the 'abstractions/nvidia' file, because without OpenGL there wasn't any "DENIED" entry like before.
These rules looked this way:

    #owner @{HOME}/.nv/GLCache/ r,
    #owner @{HOME}/.nv/GLCache/** rwk,

But, as we can see, it led to the "Warning from stdin (line 1): /sbin/apparmor_parser..." issue. It looks like I could not make a comment in this file. It's really confusing, because looking at other files in the 'abstraction/*' folder, many of them have comments.

In the same file ('abstractions/nvidia') I have one comment related to one rule added by me, because of "DENIED" access to the '/home/user1/.nv' folder [see: 2.] Thanks to Mr Seth Arnold, I added something like this one:

    owner @{HOME}/.nv/gl* rwm,

And of course, I made a comment; there weren't any problems at all. But after adding another rule, related to ".nv/GLCache/*", the problem that I describe occurred.

I'm sorry; this message is much longer than the one I wanted to write. And now my question: is it a bug and should I report it, or is everything fine? What are your opinions?

Thanks, best regards.

____________________
1. https://code.launchpad.net/~osomon/apparmor/newer-nvidia-abstraction-trunk/+merge/319120
2. https://lists.ubuntu.com/archives/apparmor/2017-January/010479.html